
UHCL CSCI 5931 - Java Security Model


Java Security Model (GS: Ch. 7)
csci5931 Web Security

Topics
  A. Basics of Java Security Model
  B. Cryptographic Signatures
  C. Permissions
     - Customized Permissions

Basics of Java Security Model
  - Java 2 security is policy-based.
  - The policy defined in the java.policy file controls the resources that Java codes have access to.
  - Codesource = codebase + signer
    - codebase: the location that the code comes from, either locally or from a remote site.
    - signer: the entity that signed the code in question.

Basics of Java Security Model
  - Permissions: specific actions that a codesource is allowed to take (e.g., access a file, connect to a machine).
  - Types of Java codes:
    - Java applications
    - Java applets
    - Java servlets
    - Java beans, EJB

Managing Cryptographic Signatures
  - Tools provided by Sun: keytool, jarsigner, policytool
  - keytool (pp. 157-161): an application that ships with the JDK.
    - It manages keystores and can create certificates.
    - It replaces javakey, found in Java 1.1.
  - Note: Keystores are linked to the provider (e.g., Sun's JCA provider). A keystore file generated by one provider will not work with a keystore file generated by another provider.

Managing Cryptographic Signatures
  - jarsigner
    - A signing and verification tool for Java archive (JAR) files
    - Attaches a specific signer to a specific set of codes

    Usage: jarsigner [options] jar-file alias
           jarsigner -verify [options] jar-file

      [-keystore <url>]        keystore location
      [-storepass <password>]  password for keystore integrity
      [-storetype <type>]      keystore type
      [-keypass <password>]    password for private key (if different)
      [-sigfile <file>]        name of .SF/.DSA file
      [-signedjar <file>]      name of signed JAR file
      [-verify]                verify a signed JAR file
      ...

Managing Cryptographic Signatures
  - jarsigner
    (a) It signs JAR files.
    (b) It verifies signatures on JAR files.
  - JAR (Java Archive): a .zip file that supports signatures.
  - To sign a JAR file: you must have a private key and a certificate in your keystore.
  - For your signed JAR file to be verifiable by others: your certificate must be signed by a CA.

Managing Cryptographic Signatures
  - A signed JAR file allows the user to determine whether the Java codes contained in the JAR can be trusted or not.
  - Applets are usually signed if extra permissions (beyond those defined as defaults) need to be granted.
  - In Java 1.2.1 or higher, every class within the same package inside a signed JAR must be signed by the same certificate.
    Q: Why is this important?

Managing Cryptographic Signatures
  - Steps in signing a JAR file:
    A. Use jar to create a JAR file out of the .class file(s).
    B. Use keytool to generate a keypair.
    C. Use jarsigner to sign the JAR file with the private key and the certificate.
  - To verify a signed JAR file: jarsigner -verify ...
  - Example usage: p.179

Managing Cryptographic Signatures
  - When a JAR is signed, it is not the JAR itself that is signed, but some or all of the files it contains.
  - A signed JAR contains three files:
    - The manifest (HelloWorld.mf)
    - The signature file (HelloWorld.sf)
    - The digital signature file (HelloWorld.dsf)

Managing Cryptographic Signatures
  - To view the content of a JAR file:
    - Use the jar command:

      > jar tvf HelloWorld.jar
         140 Wed Mar 19 10:22:24 CST 2003 META-INF/MANIFEST.MF
         193 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.SF
        1013 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.DSA
           0 Wed Mar 19 10:13:58 CST 2003 META-INF/
         426 Wed Mar 19 10:13:30 CST 2003 HelloWorld.class

    - Use winzip or something like that.

Managing Permissions
  - The Java security manager handles the checking of permissions as needed.
  - The default implementation: java.lang.SecurityManager, which can be sub-classed or overwritten if necessary.
  - Java enforces security by asking the security manager for permissions before taking any action that is considered potentially unsafe.

Managing Permissions
  - Permissions are defined in the java.policy file, which is stored in $JAVA_HOME/jre/lib/security/java.policy.
  - Two ways to edit the java.policy file:
    A. Manually, by using a text editor.
    B. Use policytool, which is a GUI tool for editing Java security policies (see examples on pp.188-189).
  - An example: pp.182, 187 (FileWriteTest.java)

Managing Permissions
  - The syntax for the grant command in the java.policy file:

      grant signedBy "signer_names", codeBase "URL" {
          permission permission_class_name "target_name", "action", signedBy "signer_names";
          ...
      };

  - See sample listing on pp.183-184.
  - More samples on p.186.

Managing Permissions
  - Default permission classes in Java: p.190
    - AllPermission
    - BasicPermission
    - FilePermission
    - SocketPermission
  - Subclasses of BasicPermission: AudioPermission, AWTPermission, NetPermission, ...

Managing Permissions
  - Customized Permissions:
    - You may want to restrict access to certain classes based on the caller's codesource.
    - To prevent untrusted codes from calling some sensitive classes.
    - An example (p.191): extending BasicPermission by creating a subclass.

Managing Permissions
  - Customized Permissions: Example

      > java -cp SecretWordTest.jar -Djava.security.manager -Djava.security.policy=SecretWord.policy SecretWordTest
      The secret word is: ossifrage

Managing Permissions
  - Security properties for the JVM are defined in the java.security file, which is stored in $JAVA_HOME/jre/lib/security/java.security.
  - Security providers, policy provider, keystore type, etc. (pp.194-195)

Next
  - Team Presentations
  - SSL (GS: 9)
  - Applet security (GS: 7)
  - Servlets security (GS:
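
The customized-permission slides describe extending BasicPermission and running the test under -Djava.security.manager with a policy file. The sketch below is an added example, not the textbook's listing or code from the slides: the class layout, the permission target "secretword.read" and the policy path are hypothetical, and it assumes a JDK that still supports the Security Manager (deprecated for removal since JDK 17).

```java
// File: SecretWordTest.java. Added example; all names here are hypothetical.
//
// SecretWord.policy (constructed), written in the java.policy grant syntax:
//   grant codeBase "file:/path/to/SecretWordTest.jar" {
//       permission SecretWordTest$SecretWordPermission "secretword.read";
//   };
import java.security.BasicPermission;

public class SecretWordTest {

    // A named permission with no action list. BasicPermission supplies
    // implies(), equals() and hashCode(), including trailing-wildcard names
    // such as "secretword.*". The class and its one-String constructor are
    // public because the policy loader instantiates it reflectively.
    public static final class SecretWordPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;

        public SecretWordPermission(String name) {
            super(name);
        }
    }

    // The sensitive class: it asks the security manager before releasing data.
    static final class SecretWord {
        private static final String WORD = "ossifrage";

        static String get() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                // Throws SecurityException unless every protection domain on
                // the call stack has been granted this permission by policy.
                sm.checkPermission(new SecretWordPermission("secretword.read"));
            }
            return WORD;
        }
    }

    public static void main(String[] args) {
        try {
            System.out.println("The secret word is: " + SecretWord.get());
        } catch (SecurityException e) {
            // Reached when the policy file has no matching grant entry.
            System.out.println("Access denied: " + e.getMessage());
        }
    }
}
```

Started without -Djava.security.manager, System.getSecurityManager() returns null and the check is skipped, so the policy file has no effect. With the security manager enabled but no matching grant entry, the call is refused and the catch branch runs.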

